Bug 110590

Summary: REGRESSION(r143654): some fast/js test crashes on 32 bit build
Product: WebKit Reporter: Zoltan Arvai <zarvai>
Component: Tools / TestsAssignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED    
Severity: Normal CC: fpizlo, hausmann, jberlin, jturcotte, kadam, oliver, ossy, zan
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 79668, 109371    
Attachments:
Description Flags
the patch mhahnenberg: review+

Zoltan Arvai
Reported 2013-02-22 04:57:06 PST
Two tests are crashing on 32 bit Qt builds. Probably r143654 caused the issue. fast/js/regress/HashMap-string-put-get-iterate.html fast/js/dfg-value-to-int32-with-side-effect.html Our x86-32 Linux Qt Debug buildbot has some inforamtion about it: http://build.webkit.sed.hu/results/x86-32%20Linux%20Qt%20Debug/r143709%20%2824526%29/results.html fast/js/regress/HashMap-string-put-get-iterate-crash-log.txt crash log for DumpRenderTree (pid 8648): STDOUT: <empty> STDERR: SHOULD NEVER BE REACHED STDERR: /ramdisk/qt-linux-32-debug/build/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp(2291) : void JSC::DFG::SpeculativeJIT::compileValueToInt32(JSC::DFG::Node*) STDERR: 1 0xf5b0724f /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x187024f) [0xf5b0724f] STDERR: 2 0xf5b2ff8e /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1898f8e) [0xf5b2ff8e] STDERR: 3 0xf5b04a03 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x186da03) [0xf5b04a03] STDERR: 4 0xf5b050e6 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x186e0e6) [0xf5b050e6] STDERR: 5 0xf5ad0a27 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1839a27) [0xf5ad0a27] STDERR: 6 0xf5ad1bf6 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x183abf6) [0xf5ad1bf6] STDERR: 7 0xf5ac24fa /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x182b4fa) [0xf5ac24fa] STDERR: 8 0xf5ac1d31 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x182ad31) [0xf5ac1d31] STDERR: 9 0xf5c550c4 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x19be0c4) [0xf5c550c4] STDERR: 10 0xf5c55380 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x19be380) [0xf5c55380] STDERR: 11 0xf5c536f0 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x19bc6f0) [0xf5c536f0] STDERR: 12 0xf5c52f01 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x19bbf01) [0xf5c52f01] STDERR: 13 0xf59c7d34 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1730d34) [0xf59c7d34] STDERR: 14 0xf59c2a19 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x172ba19) [0xf59c2a19] STDERR: 15 0xf5ba7a06 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1910a06) [0xf5ba7a06] STDERR: 16 0xf5ba486e /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x190d86e) [0xf5ba486e] STDERR: 17 0xee700120 [0xee700120] STDERR: 18 0xf5b6f6f9 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x18d86f9) [0xf5b6f6f9] STDERR: 19 0xf5b6cf7d /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x18d5f7d) [0xf5b6cf7d] STDERR: 20 0xf5c48f98 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(_ZN3JSC8evaluateEPNS_9ExecStateERKNS_10SourceCodeENS_7JSValueEPS5_+0x213) [0xf5c48f98] STDERR: 21 0xf45a7f00 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x310f00) [0xf45a7f00] STDERR: 22 0xf45c6401 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x32f401) [0xf45c6401] STDERR: 23 0xf45c6512 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x32f512) [0xf45c6512] STDERR: 24 0xf48cc290 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x635290) [0xf48cc290] STDERR: 25 0xf4a714d6 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x7da4d6) [0xf4a714d6] STDERR: 26 0xf4a71334 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x7da334) [0xf4a71334] STDERR: 27 0xf4a71841 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x7da841) [0xf4a71841] STDERR: 28 0xf4a71a00 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x7daa00) [0xf4a71a00] STDERR: 29 0xf4a62d8b /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x7cbd8b) [0xf4a62d8b] STDERR: 30 0xf4bd0fc5 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x939fc5) [0xf4bd0fc5] STDERR: 31 0xf4bdbdb5 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x944db5) [0xf4bdbdb5] fast/js/regress/tear-off-arguments-simple-crash-log.txt: crash log for DumpRenderTree (pid 8752): STDOUT: <empty> STDERR: ASSERTION FAILED: mode == ManualOperandSpeculation || edge.useKind() == UntypedUse STDERR: /ramdisk/qt-linux-32-debug/build/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h(2393) : JSC::DFG::JSValueOperand::JSValueOperand(JSC::DFG::SpeculativeJIT*, JSC::DFG::Edge, JSC::DFG::OperandSpeculationMode) STDERR: 1 0xf5a43a2f /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1881a2f) [0xf5a43a2f] STDERR: 2 0xf5a3a9f7 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x18789f7) [0xf5a3a9f7] STDERR: 3 0xf5a3b776 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1879776) [0xf5a3b776] STDERR: 4 0xf5a6d443 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x18ab443) [0xf5a6d443] STDERR: 5 0xf5a2fa03 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x186da03) [0xf5a2fa03] STDERR: 6 0xf5a300e6 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x186e0e6) [0xf5a300e6] STDERR: 7 0xf59fba27 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1839a27) [0xf59fba27] STDERR: 8 0xf59fc911 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x183a911) [0xf59fc911] STDERR: 9 0xf59ed5af /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x182b5af) [0xf59ed5af] STDERR: 10 0xf59eccfa /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x182acfa) [0xf59eccfa] STDERR: 11 0xf5b8106c /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x19bf06c) [0xf5b8106c] STDERR: 12 0xf5b8149f /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x19bf49f) [0xf5b8149f] STDERR: 13 0xf5b7d371 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x19bb371) [0xf5b7d371] STDERR: 14 0xf5b7d041 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x19bb041) [0xf5b7d041] STDERR: 15 0xf58ed8fa /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x172b8fa) [0xf58ed8fa] STDERR: 16 0xf5ad2a06 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x1910a06) [0xf5ad2a06] STDERR: 17 0xf5acf86e /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x190d86e) [0xf5acf86e] STDERR: 18 0xee600058 [0xee600058] STDERR: 19 0xf5a9a6f9 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x18d86f9) [0xf5a9a6f9] STDERR: 20 0xf5a97f7d /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x18d5f7d) [0xf5a97f7d] STDERR: 21 0xf5b73f98 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(_ZN3JSC8evaluateEPNS_9ExecStateERKNS_10SourceCodeENS_7JSValueEPS5_+0x213) [0xf5b73f98] STDERR: 22 0xf44d2f00 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x310f00) [0xf44d2f00] STDERR: 23 0xf44f1401 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x32f401) [0xf44f1401] STDERR: 24 0xf44f1512 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x32f512) [0xf44f1512] STDERR: 25 0xf47f7290 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x635290) [0xf47f7290] STDERR: 26 0xf499c4d6 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x7da4d6) [0xf499c4d6] STDERR: 27 0xf499c334 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x7da334) [0xf499c334] STDERR: 28 0xf499c841 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x7da841) [0xf499c841] STDERR: 29 0xf499ca00 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x7daa00) [0xf499ca00] STDERR: 30 0xf498dd8b /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x7cbd8b) [0xf498dd8b] STDERR: 31 0xf4afbfc5 /ramdisk/qt-linux-32-debug/build/WebKitBuild/Debug/lib/libQt5WebKit.so.5(+0x939fc5) [0xf4afbfc5]
Attachments
the patch (2.14 KB, patch)
2013-02-22 14:34 PST, Filip Pizlo 		mhahnenberg: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Zoltan Arvai
Comment 1 2013-02-22 05:10:22 PST
Some update about crashing tests: Qt Linux Release and x86-32 Linux Qt Release NRWT bot: fast/js/regress/HashMap-string-put-get-iterate.html fast/js/dfg-value-to-int32-with-side-effect.html x86-32 Linux Qt Debug bot: fast/js/regress/HashMap-string-put-get-iterate.html fast/js/regress/tear-off-arguments-simple.html fast/js/dfg-dead-min-one-arg.html fast/js/dfg-value-to-int32-with-side-effect.html http://build.webkit.sed.hu/results/x86-32%20Linux%20Qt%20Debug/r143654%20%2824514%29/results.html
Zoltan Arvai
Comment 2 2013-02-22 05:30:29 PST
Skipped on Qt in http://trac.webkit.org/changeset/143716 : fast/js/regress/HashMap-string-put-get-iterate.html fast/js/dfg-value-to-int32-with-side-effect.html
Csaba Osztrogonác
Comment 3 2013-02-22 05:56:10 PST
I don't think if it is a Qt specific bug, but a bug in 32 bit DFG JIT.
Zoltan Arvai
Comment 4 2013-02-22 06:07:09 PST
(In reply to comment #3) > I don't think if it is a Qt specific bug, but a bug in 32 bit DFG JIT. You're right, I found it on GTK Linux 32-bit Release bot, too. fast/js/dfg-value-to-int32-with-side-effect-crash-log.txt: Crash log for DumpRenderTree (pid 17731): Coredump core-pid_17731-_-process_DumpRenderTree not found. To enable crash logs: - run this command as super-user: echo "/path/to/coredumps/core-pid_%p-_-process_%e" > /proc/sys/kernel/core_pattern - enable core dumps: ulimit -c unlimited - set the WEBKIT_CORE_DUMPS_DIRECTORY environment variable: export WEBKIT_CORE_DUMPS_DIRECTORY=/path/to/coredumps STDERR: 1 0xb759f5b6 /var/lib/buildbot/build/gtk-linux-32-release/build/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0(_ZN3JSC3DFG14SpeculativeJIT19compileValueToInt32EPNS0_4NodeE+0x79c) [0xb759f5b6] STDERR: 2 0xb7571153 /var/lib/buildbot/build/gtk-linux-32-release/build/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0(_ZN3JSC3DFG14SpeculativeJIT7compileEPNS0_4NodeE+0x7d4b) [0xb7571153] STDERR: 3 0xb7594f4e /var/lib/buildbot/build/gtk-linux-32-release/build/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0(_ZN3JSC3DFG14SpeculativeJIT7compileERNS0_10BasicBlockE+0x44a) [0xb7594f4e] STDERR: 4 0xb759c399 /var/lib/buildbot/build/gtk-linux-32-release/build/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0(_ZN3JSC3DFG14SpeculativeJIT7compileEv+0x65) [0xb759c399] STDERR: 5 0xb7533c97 /var/lib/buildbot/build/gtk-linux-32-release/build/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0(_ZN3JSC3DFG11JITCompiler11compileBodyERNS0_14SpeculativeJITE+0x1b) [0xb7533c97] STDERR: 6 0xb753701b /var/lib/buildbot/build/gtk-linux-32-release/build/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0(_ZN3JSC3DFG11JITCompiler15compileFunctionERNS_7JITCodeERNS_21MacroAssemblerCodePtrE+0x1bf) [0xb753701b] STDERR: 7 0xb752b82f /var/lib/buildbot/build/gtk-linux-32-release/build/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0(+0x19d82f) [0xb752b82f] STDERR: 8 0xb76ec7d7 /var/lib/buildbot/build/gtk-linux-32-release/build/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0(_ZN3JSC18FunctionExecutable22compileForCallInternalEPNS_9ExecStateEPNS_7JSScopeENS_7JITCode7JITTypeEj+0x3a1) [0xb76ec7d7] STDERR: 9 0xb76ed20b /var/lib/buildbot/build/gtk-linux-32-release/build/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0(_ZN3JSC18FunctionExecutable23compileOptimizedForCallEPNS_9ExecStateEPNS_7JSScopeEj+0x65) [0xb76ed20b] STDERR: 10 0xb74a27fc /var/lib/buildbot/build/gtk-linux-32-release/build/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0(_ZN3JSC17FunctionCodeBlock16compileOptimizedEPNS_9ExecStateEPNS_7JSScopeEj+0x4e) [0xb74a27fc] STDERR: 11 0xb76204cc /var/lib/buildbot/build/gtk-linux-32-release/build/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0(+0x2924cc) [0xb76204cc] STDERR: 12 0xab7586b3 [0xab7586b3] STDERR: 13 0xb75d6900 /var/lib/buildbot/build/gtk-linux-32-release/build/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0(_ZN3JSC11Interpreter7executeEPNS_17ProgramExecutableEPNS_9ExecStateEPNS_8JSObjectE+0xccc) [0xb75d6900] STDERR: 14 0xb687d3e5 /var/lib/buildbot/build/gtk-linux-32-release/build/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0(+0x112f3e5) [0xb687d3e5]
Zoltan Arvai
Comment 5 2013-02-22 09:33:40 PST
gdb backtrace on 32 bit with Qt5.0.1 and WebKit r143723 fast/js/dfg-value-to-int32-with-side-effect.html https://gist.github.com/azbesthu/5015087 fast/js/regress/HashMap-string-put-get-iterate.html https://gist.github.com/azbesthu/5015103 fast/js/regress/tear-off-arguments-simple.html https://gist.github.com/azbesthu/5015119 fast/js/dfg-dead-min-one-arg.html https://gist.github.com/azbesthu/5015134
Oliver Hunt
Comment 6 2013-02-22 11:02:29 PST
I'm leaning towards a rollout unless the fix is obvious. I'll know in the next hour (on a bus currently)
Filip Pizlo
Comment 7 2013-02-22 13:52:32 PST
(In reply to comment #6) > I'm leaning towards a rollout unless the fix is obvious. I'll know in the next hour (on a bus currently) I am looking at it.
Filip Pizlo
Comment 8 2013-02-22 14:28:25 PST
(In reply to comment #7) > (In reply to comment #6) > > I'm leaning towards a rollout unless the fix is obvious. I'll know in the next hour (on a bus currently) > > I am looking at it. Fix is easy. Will have patch shortly.
Filip Pizlo
Comment 9 2013-02-22 14:34:09 PST
Created attachment 189831 [details] the patch
Mark Hahnenberg
Comment 10 2013-02-22 14:39:22 PST
Comment on attachment 189831 [details] the patch r=me
Filip Pizlo
Comment 11 2013-02-22 14:40:17 PST
Landed in http://trac.webkit.org/changeset/143800
Note You need to log in before you can comment on or make changes to this bug.